Wednesday, July 27, 2016

Democrat Party effectively invited their emails to be stolen by ignoring basic cybersecurity instructions for which it had paid $60,000. Two-month study found DNC had out-of-date firewall and substandard malware protection. Hackers ended up staying nearly a year because DNC was lax - Bloomberg

The e-mails have devastated party leaders. Representative Debbie
Wasserman Schultz, the DNC chairwoman, has agreed to resign at the end
of this week’s convention. She was booed off the stage on opening day
after the leaked e-mails showed that party officials tried to undermine
the presidential campaign of Senator Bernie Sanders in favor of Hillary
Clinton, who was formally nominated on Tuesday evening. Party officials
are supposed to remain neutral on presidential nominations.

The Federal Bureau of Investigation is examining the attack, which law
enforcement officials and private security experts say may be linked to
the Russian government. President Barack Obama suggested on Tuesday that
Russia might be trying to interfere with the presidential race. Russian
officials deny any involvement in the hacking and say they’re not trying to influence the election.

Donald Trump, the Republican presidential nominee, said
Wednesday that he didn’t think Russia was behind the attack. But he
also said he hoped the Russians would get their hands on e-mails that
Clinton exchanged using a private server while she was secretary of
state, to expose any e-mails she might have deleted.

The consultants briefed senior DNC leaders on the security problems
they found, the people familiar with the matter said. It’s unclear
whether Wasserman Schultz was present. Now, she is likely to face
criticism over not only the content of the e-mails -- including one in
which a party official proposes pushing stories in the news media
questioning Sanders’s Jewish faith -- but also the failure to take steps
to stop the theft in the first place.

The assessment by Good Harbor Security Risk Management, headed by the former
Clinton and Bush administration official Richard Clarke, occurred over two months
beginning in September 2015, the people said. It included interviews
with key staff members and a detailed review of the security measures in
place on the organization’s network, they said.

Mark Paustenbach, a spokesman for the DNC, declined to comment on the Good
Harbor report. Emilian Papadopoulos, president of Washington-based Good
Harbor, said he couldn’t comment on work done for a specific client.

Missed Warnings

The security review commissioned by the DNC was perhaps the most detailed
of a series of missed warnings. Officials at both the Republican
National Committee and the DNC received government briefings on
espionage and hacking threats beginning last year, and then received a
more specific briefing this spring, according to another person familiar
with the matter.

Cyber-security assessments can be a mixed
blessing. Legal experts say some general counsels advise organizations
against doing such assessments if they don’t have the ability to quickly
fix any problems the auditors find, because customers and shareholders
could have cause to sue if an organization knowingly disregards such
warnings.

Papadopoulos said a risk analysis by his firm is
designed to “help an organization’s senior leadership answer the
questions, ‘What are our unique and most significant cyber security
risks, how are we doing managing them, and what should we improve?’”

The firm typically recommends that clients conduct a so-called breach
assessment to determine whether hackers are already lurking in the
network, Papadopoulos said. He wouldn’t confirm whether such a
recommendation was among those delivered to the DNC.

“We give recommendations on governance, policies, technologies and crisis
management,” he said. “For organizations that have not had a compromise
assessment done, that is one of the things we often recommend.”